ADcheck Report

Privilege and Trust Management Messages
User can create dns record : True
Computers with constrained delegation : []
Control delegations : { "OU=Domain Controllers,DC=serval,DC=int": [], "OU=Domain Computers,DC=serval,DC=int": [], "OU=Domain Users,DC=serval,DC=int": [], "OU=Domain Groups,DC=serval,DC=int": [], "CN=Computers,DC=serval,DC=int": [], "CN=ForeignSecurityPrincipals,DC=serval,DC=int": [], "CN=Keys,DC=serval,DC=int": [], "CN=Managed Service Accounts,DC=serval,DC=int": [], "CN=Program Data,DC=serval,DC=int": [], "CN=Users,DC=serval,DC=int": [], "DC=serval,DC=int": [] }
Group policy folder/file rights : { "User can write extended attributes Default Domain Policy": [ "User can be traversed serval.int/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol", "User can be traversed serval.int/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI", "User can be traversed serval.int/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf" ], "User can write extended attributes Default Domain Controllers Policy": [ "User can be traversed serval.int/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI", "User can be traversed serval.int/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf" ] }
Privilege Rights : { "SeAssignPrimaryTokenPrivilege": [ "Network Service", "NT Authority (Local Service)" ], "SeAuditPrivilege": [ "Network Service", "NT Authority (Local Service)" ], "SeBackupPrivilege": [ "Server Operators", "Backup Operators", "Administrators" ], "SeBatchLogonRight": [ "Builtin\\Performance Log Users", "Backup Operators", "Administrators" ], "SeChangeNotifyPrivilege": [ "Builtin\\Pre-Windows 2000 Compatible Access", "Authenticated Users", "Administrators", "Network Service", "NT Authority (Local Service)", "Everyone" ], "SeCreatePagefilePrivilege": [ "Administrators" ], "SeDebugPrivilege": [ "Administrators" ], "SeIncreaseBasePriorityPrivilege": [ "System Managed Accounts Group", "Administrators" ], "SeIncreaseQuotaPrivilege": [ "Administrators", "Network Service", "NT Authority (Local Service)" ], "SeInteractiveLogonRight": [ "Enterprise Domain Controllers", "Print Operators", "Server Operators", "Account Operators", "Backup Operators", "Administrators" ], "SeLoadDriverPrivilege": [ "Print Operators", "Administrators" ], "SeMachineAccountPrivilege": [ "Authenticated Users" ], "SeNetworkLogonRight": [ "Builtin\\Pre-Windows 2000 Compatible Access", "Enterprise Domain Controllers", "Authenticated Users", "Administrators", "Everyone" ], "SeProfileSingleProcessPrivilege": [ "Administrators" ], "SeRemoteShutdownPrivilege": [ "Server Operators", "Administrators" ], "SeRestorePrivilege": [ "Server Operators", "Backup Operators", "Administrators" ], "SeSecurityPrivilege": [ "Administrators" ], "SeShutdownPrivilege": [ "Print Operators", "Server Operators", "Backup Operators", "Administrators" ], "SeSystemEnvironmentPrivilege": [ "Administrators" ], "SeSystemProfilePrivilege": [ "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420", "Administrators" ], "SeSystemTimePrivilege": [ "Server Operators", "Administrators", "NT Authority (Local Service)" ], "SeTakeOwnershipPrivilege": [ "Administrators" ], "SeUndockPrivilege": [ "Administrators" ], 
"SeEnableDelegationPrivilege": [ "Administrators" ] }
Computers with rbac :[]
HKLM\SYSTEM permissions :
[ { "User": "Authenticated Users", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } }, { "User": "Server Operators", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } }, { "User": "Administrators", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Full Control", "InheritedObjectType": "This key and subkeys" } }, { "User": "System (or Local System)", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Full Control", "InheritedObjectType": "This key and subkeys" } }, { "User": "Creator Owner ID", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": [], "InheritedObjectType": "Subkeys only" } }, { "User": "All Application Packages", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } }, { "User": "S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } } ]
HKLM\SECURITY permissions :
[ { "User": "System (or Local System)", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Full Control", "InheritedObjectType": "This key and subkeys" } }, { "User": "Administrators", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": [ "Read Control", "Write DAC" ], "InheritedObjectType": "This key and subkeys" } } ]
HKLM\SAM permissions :
[ { "User": "Users", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } }, { "User": "Administrators", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Full Control", "InheritedObjectType": "This key and subkeys" } }, { "User": "System (or Local System)", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Full Control", "InheritedObjectType": "This key and subkeys" } }, { "User": "Creator Owner ID", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Full Control", "InheritedObjectType": "This key and subkeys" } }, { "User": "All Application Packages", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } }, { "User": "S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681", "Permissions": { "PermissionsType": "ACCESS_ALLOWED_ACE", "PermissionsValue": "Read", "InheritedObjectType": "This key and subkeys" } } ]
Authentication policy silos : []
Trust accounts for the delegation : []
User Account Management Messages
Number of accounts which have never expiring passwords : 3
Admin accounts that can be delegated : ['Administrator']
Admin accounts not in Protected Users group : ['Administrator']
Accounts in Schema Admins group : ['Administrator']
Accounts vulnerable to AS-REP roasting attack : []
Accounts with altSecurityIdentities attributes: []
Accounts with userPassword attributes: []
Accounts with unixUserPassword attributes: []
Accounts with unicodePwd attributes: []
Accounts with msDS-HostServiceAccount attributes: []
Accounts with blank password : []
Accounts which can use DES authentication : []
Group Managed Service Accounts : []
Number of accounts with identical password : 1
Number of inactive accounts: 0
Accounts vulnerable to Kerberoasting attack : []
Locked accounts : []
The native administrator account has been used recently : 2 day(s) ago
Accounts with password not required : []
Pre-Windows 2000 Compatible Access group members contain "Authenticated Users" : True
Privesc group : { "Administrators": [ "Domain Admins", "Enterprise Admins", "Administrator" ], "Domain Admins": [ "Administrator" ], "Enterprise Admins": [ "Administrator" ], "Enterprise Key Admins": [], "Key Admins": [], "Schema Admins": [ "Administrator" ], "Replicator": [], "Server Operators": [], "Backup Operators": [], "Print Operators": [], "DnsAdmins": [], "Account Operators": [], "Remote Desktop Users": [], "Certificate Operators": [], "Cert Publishers": [] }
Accounts which have reversible passwords : []
Accounts vulnerable to timeroasting attack : []
Users with description : ['Administrator', 'Guest', 'krbtgt']
Accounts that were an admin : ['Administrator']
Computer and Domain Management Messages
Computers with bitlocker keys : []
Non-admin users can add up to 10 computer(s) to the domain
Domain Controllers: ['SRV-DC01$']
Functional level of domain is : Windows Server 2016
Kerberos config : { "MaxTicketAge": "10", "MaxRenewAge": "7", "MaxServiceAge": "600", "MaxClockSkew": "5", "TicketValidateClient": "1" }
Supported Kerberos encryption algorithms : RC4_HMAC_MD5
Kerberos password last changed : 258 day(s) ago
LAPS is installed : False
LDAP anonymous bind : False
LDAP signing was required on target : False
Named Pipes : [ "InitShutdown", "lsass", "ntsvcs", "scerpc", "Winsock2\\CatalogChangeListener-36c-0", "epmapper", "Winsock2\\CatalogChangeListener-1e0-0", "LSM_API_service", "eventlog", "Winsock2\\CatalogChangeListener-158-0", "atsvc", "Winsock2\\CatalogChangeListener-274-0", "Winsock2\\CatalogChangeListener-274-1", "wkssvc", "Winsock2\\CatalogChangeListener-3f8-0", "RpcProxy\\49677", "c466f763b8fd8c41", "RpcProxy\\593", "srvsvc", "spoolss", "Winsock2\\CatalogChangeListener-884-0", "netdfs", "vgauth-service", "Winsock2\\CatalogChangeListener-268-0", "W32TIME_ALT", "Winsock2\\CatalogChangeListener-8e8-0", "PIPE_EVENTROOT\\CIMV2SCM EVENT PROVIDER", "Winsock2\\CatalogChangeListener-678-0", "Winsock2\\CatalogChangeListener-280-0", "Winsock2\\CatalogChangeListener-1278-0", "winreg" ]
Password Settings Object : []
Recycle Bin is enabled : False
SMB signing is required : True
Spooler service is enabled on remote target : True
Supported encryption by Domain Controllers : [ "SRV-DC01$: [RC4, AES 128, AES 256]" ]
The computer was never backed up
The computer is up to date (Last : 10/29/2018) : False
Audit and Policy Management Messages
Audit policy not configured
Force logoff when logon hours expire : False
Group Policy Object by Organizational Unit : [ { "dn": "DC=serval,DC=int", "gpLink": [ { "name": "{31B2F340-016D-11D2-945F-00C04FB984F9}", "displayName": "Default Domain Policy" } ] }, { "dn": "OU=Domain Controllers,DC=serval,DC=int", "gpLink": [ { "name": "{6AC1786C-016F-11D2-945F-00C04fB984F9}", "displayName": "Default Domain Controllers Policy" } ] } ]
Group Policy containing a password : []
Default password policy : { "lockoutDuration": "-18000000000", "lockOutObservationWindow": "-18000000000", "maxPwdAge": "-42 days, 0:00:00", "minPwdAge": "-1 day, 0:00:00", "minPwdLength": "7", "pwdHistoryLength": "24", "pwdProperties": "DOMAIN_PASSWORD_COMPLEX" }
MSI packages are always installed with elevated privileges : False
CredentialGuard is enabled : False
LM hash storage disabled : True
Authentication limited to NTLMv2 mechanism only : False
AppLocker rules defined : False
gpp_autologon is enabled : False
AMSI provider installed : Windows Defender
Bitlocker is enabled : False
Untrusted Certificates : [ { "ROOT": { "Issuer": "O:Microsoft Trust Network, OU:Microsoft Corporation, OU:Microsoft Time Stamping Service Root, OU:Copyright (c) 1997 Microsoft Corp.", "Version": 0, "Not Before": "19970513161259Z", "Not After": "19991230235959Z", "Serial Number": 1, "Signature Algorithm": "md5WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 1024", "Digest": "6EF914723F089D2ADAFF98D470A3651CCF1768E559FBDCC0FAAA640AA12E5753", "Extensions": [] } }, { "ROOT": { "Issuer": "C:US, O:MSFT, CN:Microsoft Authenticode(tm) Root Authority", "Version": 2, "Not Before": "19950101080001Z", "Not After": "19991231235959Z", "Serial Number": 1, "Signature Algorithm": "md5WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 2048", "Digest": "4898B1749717A594A2030F47C83C272BD14BAE3DCEB2EAE382174EF2EC1C75C9", "Extensions": [ "UNDEF", "CN", "UNDEF" ] } } ]
Disabled Certificates : [ { "AuthRoot": { "Issuer": "C:US, O:VeriSign, Inc., OU:Class 3 Public Primary Certification Authority", "Version": 0, "Not Before": "19960129000000Z", "Not After": "20280801235959Z", "Serial Number": 149843929435818692848040365716851702463, "Signature Algorithm": "md2WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 1024", "Digest": "E7685634EFACF69ACE939A6B255B7B4FABEF42935B50A265ACB5CB6027E44E70", "Extensions": [] } }, { "ROOT": { "Issuer": "O:VeriSign Trust Network, OU:VeriSign, Inc., OU:VeriSign Time Stamping Service Root, OU:NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", "Version": 0, "Not Before": "19970512000000Z", "Not After": "20040107235959Z", "Serial Number": 98496942895826495485766746947989658787, "Signature Algorithm": "md5WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 1024", "Digest": "5B789987F3C4055B8700941B33783A5F16E0CFF937EA32011FE04779F7635308", "Extensions": [] } }, { "ROOT": { "Issuer": "C:US, O:Symantec Corporation, CN:Symantec Enterprise Mobile Root for Microsoft", "Version": 2, "Not Before": "20120315000000Z", "Not After": "20320314235959Z", "Serial Number": 20495723478307131886371360917633161422, "Signature Algorithm": "sha256WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 2048", "Digest": "8A5E4881D42F7475E8EC3726FCD5E51884AA04DAA9FA7ADAC8CD26452CF885D4", "Extensions": [ "basicConstraints", "keyUsage", "subjectAltName", "subjectKeyIdentifier" ] } }, { "ROOT": { "Issuer": "OU:Copyright (c) 1997 Microsoft Corp., OU:Microsoft Corporation, CN:Microsoft Root Authority", "Version": 2, "Not Before": "19970110070000Z", "Not After": "20201231070000Z", "Serial Number": 3914548144742538765706922673626944, "Signature Algorithm": "md5WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 2048", "Digest": "F38406E540D7A9D90CB4A9479299640FFB6DF9E224ECC7A01C0D9558D8DAD77D", "Extensions": [ "UNDEF" ] } }, { "ROOT": { "Issuer": "C:ZA, ST:Western Cape, L:Durbanville, O:Thawte, OU:Thawte Certification, 
CN:Thawte Timestamping CA", "Version": 2, "Not Before": "19970101000000Z", "Not After": "20201231235959Z", "Serial Number": 0, "Signature Algorithm": "md5WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 1024", "Digest": "6B6C1E01F590F5AFC5FCF85CD0B9396884048659FC2C6D1170D68B045216C3FD", "Extensions": [ "basicConstraints" ] } }, { "ROOT": { "Issuer": "DC:com, DC:microsoft, CN:Microsoft Root Certificate Authority", "Version": 2, "Not Before": "20010509231922Z", "Not After": "20210509232813Z", "Serial Number": 161735313838342892179587228130098753125, "Signature Algorithm": "sha1WithRSAEncryption", "Public Key": "type: TYPE_RSA, bits: 4096", "Digest": "885DE64C340E3EA70658F01E1145F957FCDA27AABEEA1AB9FAA9FDB0102D4077", "Extensions": [ "keyUsage", "basicConstraints", "subjectKeyIdentifier", "UNDEF" ] } } ]
Firewall is disabled : False
IPv4 preferred over IPv6 : False
LLMNR, NetBIOS or mDNS is disabled : False
Too many logons are kept in the LSA cache : True
Lsass runs as a protected process : False
PowerShell v2 is enabled : True
PowerShell events are logged : False
PowerShell is configured in Restricted mode : False
RDP uses NLA : True
RDP is secured against pass-the-hash attacks : False
RDP session timeout is not defined
UAC configuration is secure : True
WDigest authentication enabled : False
WPAD is disabled : False
Windows Script Host is disabled : False
WSUS server is not used